win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges.
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
The KVMTest method in the com.ubuntu.USBCreator D-Bus service in Ubuntu Linux can invoke the kvm binary with root privileges using an arbitrary environment provided by an unprivileged user.
This flaw can be leveraged by a local unprivileged attacker to gain root privileges.
This flaw can be leveraged by a local unprivileged attacker to gain root privileges.
There is an authentication vulnerability in the Windows debugging subsystem (smss). This allows any user to obtain a handle with any access of any process running. With this handle an agent is injected in a SYSTEM process.
The update fixes an issue with HANDLEType in win32native lib.
The update fixes an issue with HANDLEType in win32native lib.
This module exploits a double free vulnerability in win32k.sys, allowing an unprivileged local user to cause a BSOD.
The TCP/IP Driver (tcpip.sys) present in Microsoft Windows fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x00120028) to the vulnerable driver.
This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.
This update adds support to Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows 2012 (all 64 bit versions).
This update adds support to Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows 2012 (all 64 bit versions).
This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group.
This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command.